[Snyk] Upgrade nodemailer from 6.4.14 to 6.9.8

[MRdevX]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade nodemailer from 6.4.14 to 6.9.8.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 30 versions ahead of your current version.
• The recommended version was released 22 days ago, on 2023-12-30.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-ASYNC-2441827	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Command Injection SNYK-JS-SYSTEMINFORMATION-1050436	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Command Injection SNYK-JS-SYSTEMINFORMATION-1074913	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Mature
	Command Injection SNYK-JS-VIZION-565230	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-ASYNC-2441827	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Command Injection SNYK-JS-LODASH-1040724	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Directory Traversal SNYK-JS-MOMENT-2440688	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MONGOOSE-2961688	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MONGOOSE-5777721	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MQUERY-1050858	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MQUERY-1089718	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-1089716	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-6056519	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Command Injection SNYK-JS-NODEMAILER-1038834	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Poisoning SNYK-JS-QS-3153490	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SIDEWAYFORMULA-3317169	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Server-side Request Forgery (SSRF) SNYK-JS-SWAGGERUIDIST-2314884	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Mature
	Server-side Request Forgery (SSRF) SNYK-JS-SWAGGERUIDIST-6056393	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Arbitrary Command Injection SNYK-JS-SYSTEMINFORMATION-1243748	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Improper Input Validation SNYK-JS-SYSTEMINFORMATION-1244526	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-SYSTEMINFORMATION-1043753	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-SYSTEMINFORMATION-1047312	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Denial of Service (DoS) SNYK-JS-SYSTEMINFORMATION-1073627	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Server-side Request Forgery (SSRF) SNYK-JS-SYSTEMINFORMATION-1078290	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Information Exposure SNYK-JS-MONGODB-5871303	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-MONGOOSE-1086688	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MPATH-1577289	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	HTTP Header Injection SNYK-JS-NODEMAILER-1296415	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: nodemailer

• 6.9.8 - 2023-12-30
  

  6.9.8 (2023-12-30)

  Bug Fixes

  • punycode: do not use native punycode module (b4d0e0c)
• 6.9.7 - 2023-10-22
  

  6.9.7 (2023-10-22)

  Bug Fixes

  • customAuth: Do not require user and pass to be set for custom authentication schemes (fixes #1584) (41d482c)
• 6.9.6 - 2023-10-09
  

  6.9.6 (2023-10-09)

  Bug Fixes

  • inline: Use 'inline' as the default Content Dispostion value for embedded images (db32c93)
  • tests: Removed Node v12 from test matrix as it is not compatible with the test framework anymore (7fe0a60)
• 6.9.5 - 2023-09-06
  

  6.9.5 (2023-09-06)

  Bug Fixes

  • license: Updated license year (da4744e)
• 6.9.4 - 2023-07-19
  

  v6.9.4

• 6.9.3 - 2023-05-29
  

  v6.9.3

• 6.9.2 - 2023-05-11
  

  v6.9.2

• 6.9.1 - 2023-01-27
  

  v6.9.1

• 6.9.0 - 2023-01-12
  

  v6.9.0

• 6.8.0 - 2022-09-28
  

  v6.8.0

• 6.7.8 - 2022-08-11
• 6.7.7 - 2022-07-06
• 6.7.6 - 2022-06-30
• 6.7.5 - 2022-05-04
• 6.7.4 - 2022-04-28
• 6.7.3 - 2022-03-21
• 6.7.2 - 2021-11-26
• 6.7.1 - 2021-11-15
• 6.7.0 - 2021-10-11
• 6.6.5 - 2021-09-23
• 6.6.4 - 2021-09-23
• 6.6.3 - 2021-07-14
• 6.6.2 - 2021-06-18
• 6.6.1 - 2021-05-23
• 6.6.0 - 2021-04-28
• 6.5.0 - 2021-02-26
• 6.4.18 - 2021-02-11
• 6.4.17 - 2020-12-11
• 6.4.16 - 2020-11-12
• 6.4.15 - 2020-11-06
• 6.4.14 - 2020-10-14

from nodemailer GitHub release notes

Commit messages

Package name: nodemailer

• 4233f6f chore(master): release 6.9.8 [skip-ci] (#1605)
• 09d502f chore: removed double file
• b4d0e0c fix(punycode): do not use native punycode module
• 8376c02 Test new github notice syntax for README
• bc46a3b Updated stale github action
• 78bdaf8 chore: remove redundant AWS SDK for JavaScript v2 (#1593)
• 971ced7 chore: add mailcatch.app to well-known/services.json (#1586)
• 879e562 chore(master): release 6.9.7 [skip-ci] (#1585)
• 140e3b0 Merge branch 'master' of github.com:nodemailer/nodemailer
• 41d482c fix(customAuth): Do not require user and pass to be set for custom authentication schemes (fixes #1584)
• 20e9fe0 update - `services.json` - add SES SMTP endpoints for the AP region (#1580)
• 9da77b6 chore(master): release 6.9.6 [skip-ci] (#1578)
• 7fe0a60 fix(tests): Removed Node v12 from test matrix as it is not compatible with the test framework anymore
• db32c93 fix(inline): Use 'inline' as the default Content Dispostion value for embedded images
• fdc7c27 chore(master): release 6.9.5 [skip-ci] (#1573)
• da4744e fix(license): Updated license year
• 13672b2 Removed legacy files (#1571)
• afd2287 Added release workflow to publish npm packages from Github
• 1ae83a2 Update services.json
• 286dc28 v6.9.4
• 918974f v6.9.4
• 551c7b6 v6.9.3
• 5f81de4 specified license identifier
• 5ff8625 Update README.md

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs